[liberationtech] Google confirms critical Android crypto flaw
Nathan of Guardian
nathan at guardianproject.info
Thu Aug 15 04:34:16 PDT 2013
On 08/15/2013 06:29 AM, Maxim Kammerer wrote:
> I have a hard time trying to figure out from Alex Klyubin's blog post
> [1] just what the problem in affected Android class libraries was. Did
> they forget to include a urandom-backed SecureRandom provider? Or set
> it as one with highest priority? Or they did it include it, but it
> wasn't registered as SHA1PRNG that people used?
It is very simple. After appending material from /dev/urandom to seed
the RNG, an offset is incorrectly set, so that subsequent counter and
padding data overwrites part of the seed, resulting in not enough trusted
randomness.
This only affects devices and/or keys generated on devices running
Android before 4.2.
The best description is here:
http://armoredbarista.blogspot.ch/2013/03/randomly-failed-weaknesses-in-java.html
+n
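The seeding failure Nathan describes (counter and padding written at a wrong offset, on top of freshly appended seed bytes) is easy to see in a simplified model. The following is an added illustration, not the Apache Harmony or Android code and not from this thread; the 64-byte block layout, the 20-byte seed region and the "offset never advanced past the seed" failure are assumptions of the model. The buggy and fixed variants sit side by side so the loss of seed bytes, and the resulting output collisions between seeds that differ only in the overwritten region, can be measured directly.

```python
# Toy model of the seeding bug described in the post (constructed example, not
# the Apache Harmony / Android SHA1PRNG code). A 64-byte hash block holds the
# seed material; after the seed is appended, an output counter and SHA-1 style
# padding are written starting at `offset`. If `offset` is not advanced past
# the seed, the counter and padding land on top of the seed bytes.
import hashlib

BLOCK_LEN = 64          # one SHA-1 input block (assumption of this model)
SEED_LEN = 20           # bytes of seed material the model keeps
COUNTER_LEN = 8         # bytes of the output counter
PAD_BYTE = 0x80         # first byte of SHA-1 padding


def build_block(seed: bytes, counter: int, buggy: bool) -> bytes:
    """Return the block the model generator feeds to SHA-1.

    buggy=False: offset = len(seed); counter and padding follow the seed.
    buggy=True : offset stays 0 (never advanced after the seed was appended),
                 so the counter and padding overwrite the head of the seed.
    """
    if len(seed) != SEED_LEN:
        raise ValueError("model expects exactly %d seed bytes" % SEED_LEN)
    block = bytearray(BLOCK_LEN)
    block[:SEED_LEN] = seed                   # seed appended into the block
    offset = 0 if buggy else SEED_LEN         # the incorrectly set offset
    block[offset:offset + COUNTER_LEN] = counter.to_bytes(COUNTER_LEN, "big")
    block[offset + COUNTER_LEN] = PAD_BYTE    # padding starts after the counter
    bit_len = (offset + COUNTER_LEN) * 8      # length field in the last 8 bytes
    block[BLOCK_LEN - 8:] = bit_len.to_bytes(8, "big")
    return bytes(block)


def next_output(seed: bytes, counter: int, buggy: bool) -> bytes:
    """One 20-byte output of the model generator: SHA-1 over the block."""
    return hashlib.sha1(build_block(seed, counter, buggy)).digest()


def surviving_seed_bytes(seed: bytes, counter: int, buggy: bool) -> int:
    """How many seed bytes still sit untouched in the block."""
    block = build_block(seed, counter, buggy)
    return sum(1 for i in range(SEED_LEN) if block[i] == seed[i])


def demo() -> dict:
    # Constructed seeds: identical except in the first 8 bytes, which is
    # exactly the region the buggy offset lets the counter overwrite.
    seed_a = bytes(range(1, SEED_LEN + 1))
    seed_b = bytes([0xFF] * 8) + seed_a[8:]
    return {
        "fixed_survivors": surviving_seed_bytes(seed_a, 1, buggy=False),
        "buggy_survivors": surviving_seed_bytes(seed_a, 1, buggy=True),
        "fixed_outputs_differ":
            next_output(seed_a, 1, False) != next_output(seed_b, 1, False),
        "buggy_outputs_collide":
            next_output(seed_a, 1, True) == next_output(seed_b, 1, True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the fixed layout all 20 seed bytes survive and two different seeds give different output; in the buggy layout the counter and padding byte wipe 9 of the 20 seed bytes, so seeds that differ only there produce identical output. That is the mechanism behind "not enough randomness": the generator is still fed /dev/urandom material, but part of it never reaches the hash.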